Cooperative Cyber Defence Centre of Excellence
Tallinn, Estonia

Cyber Defence Monitoring Course

Dates
6-10 September 2010

Venue
CCD COE, Tallinn, Estonia

Course description

During the course, participants will study a number of important Cyber Defence Monitoring techniques and solutions. The content focuses on event logging and collection with the syslog protocol, the regular expression language and its applications to system and network monitoring, event correlation, and finally network intrusion detection and prevention.

A number of open-source monitoring solutions will also be discussed, including the netfilter firewall and the iptables utility, the UNIX syslogd and syslog-ng event logging packages, Simple Event Correlator, and Snort IDS/IPS. Each module of the course consists of a presentation by the lecturer, followed by a hands-on session.

Course outline

Day 1:

- BSD and IETF syslog protocols
- UNIX syslogd daemon
- Packet filtering with Linux netfilter firewall

Day 2:

- Regular expression language
- Introduction to event log monitoring with regular expressions
- Perl dialect of the regular expression language

Day 3:

- Syslog-ng event logging suite

Day 4:

- Introduction to event correlation
- Event correlation with Simple Event Correlator (SEC)
- Advanced event correlation with SEC

Day 5:

- Introduction to intrusion detection
- Snort IDS/IPS framework

Accommodation

Course attendees are welcome to book a room at the Radisson Blu Hotel for a special price of 95 EUR. Promotional code: CCDCOE

Contact

For any enquiries and further information, please contact Maj Leo Oja (leo.oja -at- ccdcoe.org; +372 7176 )
